1 /* |
1 /* |
2 * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
23 * questions. |
23 * questions. |
24 */ |
24 */ |
25 |
25 |
26 package sun.security.ssl; |
26 package sun.security.ssl; |
27 |
27 |
28 import java.util.*; |
|
29 import java.math.BigInteger; |
28 import java.math.BigInteger; |
30 |
|
31 import java.security.*; |
29 import java.security.*; |
32 import java.security.interfaces.RSAPublicKey; |
30 import java.security.interfaces.RSAPublicKey; |
33 import java.security.spec.*; |
31 import java.security.spec.*; |
34 |
32 import java.util.*; |
35 import javax.crypto.*; |
33 import javax.crypto.*; |
36 |
34 import sun.security.jca.ProviderList; |
37 // explicit import to override the Provider class in this package |
|
38 import java.security.Provider; |
|
39 |
|
40 // need internal Sun classes for FIPS tricks |
|
41 import sun.security.jca.Providers; |
35 import sun.security.jca.Providers; |
42 import sun.security.jca.ProviderList; |
36 import static sun.security.ssl.SunJSSE.cryptoProvider; |
43 |
|
44 import sun.security.util.ECUtil; |
37 import sun.security.util.ECUtil; |
45 |
|
46 import static sun.security.ssl.SunJSSE.cryptoProvider; |
|
47 import static sun.security.util.SecurityConstants.PROVIDER_VER; |
38 import static sun.security.util.SecurityConstants.PROVIDER_VER; |
48 |
39 |
49 /** |
40 /** |
50 * This class contains a few static methods for interaction with the JCA/JCE |
41 * This class contains a few static methods for interaction with the JCA/JCE |
51 * to obtain implementations, etc. |
42 * to obtain implementations, etc. |
52 * |
43 * |
53 * @author Andreas Sterbenz |
44 * @author Andreas Sterbenz |
54 */ |
45 */ |
55 final class JsseJce { |
46 final class JsseJce { |
|
47 static final boolean ALLOW_ECC = |
|
48 Utilities.getBooleanProperty("com.sun.net.ssl.enableECC", true); |
56 |
49 |
57 private static final ProviderList fipsProviderList; |
50 private static final ProviderList fipsProviderList; |
58 |
|
59 // Flag indicating whether Kerberos crypto is available. |
|
60 // If true, then all the Kerberos-based crypto we need is available. |
|
61 private static final boolean kerberosAvailable; |
|
62 static { |
|
63 ClientKeyExchangeService p = |
|
64 ClientKeyExchangeService.find("KRB5"); |
|
65 kerberosAvailable = (p != null); |
|
66 } |
|
67 |
51 |
68 static { |
52 static { |
69 // force FIPS flag initialization |
53 // force FIPS flag initialization |
70 // Because isFIPS() is synchronized and cryptoProvider is not modified |
54 // Because isFIPS() is synchronized and cryptoProvider is not modified |
71 // after it completes, this also eliminates the need for any further |
55 // after it completes, this also eliminates the need for any further |
392 // lazy initialization holder class idiom for static default parameters |
377 // lazy initialization holder class idiom for static default parameters |
393 // |
378 // |
394 // See Effective Java Second Edition: Item 71. |
379 // See Effective Java Second Edition: Item 71. |
395 private static class EcAvailability { |
380 private static class EcAvailability { |
396 // Is EC crypto available? |
381 // Is EC crypto available? |
397 private final static boolean isAvailable; |
382 private static final boolean isAvailable; |
398 |
383 |
399 static { |
384 static { |
400 boolean mediator = true; |
385 boolean mediator = true; |
401 try { |
386 try { |
402 JsseJce.getSignature(SIGNATURE_ECDSA); |
387 JsseJce.getSignature(SIGNATURE_ECDSA); |